How to Create Fine-Grained Password Policies

How to Create a Fine-Grained Password Policy in Active Directory

Before the launch of Windows Server 2008, administrators could apply only one password and account lockout policy to the entire user base in the organization. If the administrators wanted to enforce stricter password policies for just a subset of critical users in the organization, they'd have to organize them in a separate domain and apply a different domain policy.

However, with the launch of Windows Server 2008, Microsoft introduced fine-grained password policies. These let administrators apply multiple password and account lockout policies to different sets of users within a single domain.
 
This article walks you through configuring fine-grained password policies in your Windows environment.

To create a new fine-grained password policy using the Active Directory Administrative Center (ADAC), follow these steps:
  1. Open Active Directory Administrative Center and click on your domain.
  2. Click on the System folder and navigate to the Password Settings Container.
  3. To create a new password policy, click on New in the right-side menu.
  4. Configure the required policy settings and apply it to any users or groups.
  5. To apply the policy to a group or users, click on Add.
  6. Select the required users or group and click OK.
  7. Click OK on the Create Password Settings screen.
This will create a fine-grained password policy and apply it to the specified users. 
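
The same procedure scripted with the ActiveDirectory PowerShell module, followed by a check of which policy each group member actually receives. This is an added example, not part of the original article; the policy name, group name and every setting value are assumptions chosen for illustration.

```powershell
# Added example: names and values are assumptions, not taken from the article.
Import-Module ActiveDirectory

$policyName = 'PSO-PrivilegedUsers'   # hypothetical policy name
$groupName  = 'Privileged-Admins'     # hypothetical group name

# A password settings object can be linked only to users or global security
# groups, so reject any other group type before creating anything.
$group = Get-ADGroup -Identity $groupName
if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
    throw "$groupName must be a global security group to receive a password policy."
}

# Steps 3-4: create the policy only if it does not already exist.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$policyName'")) {
    $settings = @{
        Name                            = $policyName
        Precedence                      = 10      # lower value wins on conflict
        MinPasswordLength               = 16
        PasswordHistoryCount            = 24
        ComplexityEnabled               = $true
        ReversibleEncryptionEnabled     = $false
        MinPasswordAge                  = New-TimeSpan -Days 1
        MaxPasswordAge                  = New-TimeSpan -Days 90
        LockoutThreshold                = 5
        LockoutObservationWindow        = New-TimeSpan -Minutes 30
        LockoutDuration                 = New-TimeSpan -Minutes 30
        ProtectedFromAccidentalDeletion = $true
    }
    New-ADFineGrainedPasswordPolicy @settings
}

# Steps 5-6: link the group, skipping the call if it is already a subject.
$linked = Get-ADFineGrainedPasswordPolicySubject -Identity $policyName
if ($linked.DistinguishedName -notcontains $group.DistinguishedName) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $policyName -Subjects $group
}

# Verification: report the resultant policy for each direct user member.
# No output from Get-ADUserResultantPasswordPolicy means the domain default applies.
Get-ADGroupMember -Identity $group | Where-Object objectClass -eq 'user' | ForEach-Object {
    $effective = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
    [pscustomobject]@{
        User            = $_.SamAccountName
        EffectivePolicy = if ($effective) { $effective.Name } else { '(domain default)' }
        MinLength       = $effective.MinPasswordLength
    }
}
```

A member showing a different policy name than expected is covered by another password settings object with a lower precedence value, or by one linked directly to the user.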